<?php
session_start();
include("load-settings.php");

$error = "";

if(isset($_POST['oldpassword']))
{
	$oldpassword = mysql_real_escape_string($_POST['oldpassword']);
	$newpassword = mysql_real_escape_string($_POST['newpassword']);
	$cnewpassword = mysql_real_escape_string($_POST['cnewpassword']);

	$user = $_SESSION['user'];

	if($oldpassword == "" || $newpassword == "")
	{
		$error = "Fields cannot be blank.";
	}
	else if($newpassword != $cnewpassword)
	{
		$error = "Passwords must match.";
	}
	else
	{
		$result = mysql_query("SELECT * FROM user WHERE id = $user");
		$row = mysql_fetch_array($result);
		
		if(crypt($oldpassword, $row['password']) != $row['password'])
		{
			$error = "Incorrect password.";
		}
		else
		{
			$new_hash = crypt($newpassword, $row['password']);
			mysql_query("UPDATE user SET password = '$new_hash' WHERE id = $user");
			$error = "Password successfully changed.";
		}
		
	}
}
?>
<!doctype html>
<html>
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, maximum-scale=1, initial-scale=1, user-scalable=0">

  <!-- Always force latest IE rendering engine or request Chrome Frame -->
  <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
    <link rel="icon" href="http://www.veteranboosters.com/wp-content/uploads/2014/04/favicon4.png" type="image/x-icon"/>
    <link rel="shortcut icon" href="http://www.veteranboosters.com/wp-content/uploads/2014/04/favicon4.png" type="image/x-icon"/>
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:400,600,800">

  <!-- Use title if it's in the page YAML frontmatter -->
  <title>Veteran Boosters Order Tracking</title>


  <!--[if lt IE 9]>
  <script src="../../javascripts/vendor/html5shiv.js" type="text/javascript"></script>
  <script src="../../javascripts/vendor/excanvas.js" type="text/javascript"></script>
  <![endif]-->
<link rel="stylesheet" href="css/bootstrap.min.css" />
<link rel="stylesheet" href="css/font-awesome.css" />
<link rel="stylesheet" href="css/fullcalendar.css" />
<link rel="stylesheet" href="css/jquery.jscrollpane.css" />	
<link rel="stylesheet" href="css/unicorn.css" />
  <!--<link href="stylesheets/application.css" media="screen" rel="stylesheet" type="text/css" />-->
  <script src="javascripts/application.js" type="text/javascript"></script>
</head>
<?php
	include("top.php");
?>
  <div class="container-fluid padded">
    <div class="row">

      <!-- Breadcrumb line -->

     
			<div id="breadcrumb">
				<a href="/" title="" class="tip-bottom" data-original-title="Go to Home"><i class="fa fa-home"></i> Home</a>
				<a href="#">Members</a>
				<a href="#" class="current">Password Change  </a>
			</div>
    </div>
  </div>

  <div class="container-fluid padded">
    <div class="row">
   <div class="col-lg-12">
      <div class="box">
         
         <div class="box-content">
            <form enctype="application/x-www-form-urlencoded" class="form-horizontal" action="" method="post">
			<div class="padded">
			<div class="form-group">
				<label class="col-sm-3 col-md-3 col-lg-2 control-label">Current password</label>
				<div class="col-sm-9 col-md-9 col-lg-10">
					<input type="password" name="oldpassword" id="oldpassword" value="" size="30" class="form-control input-sm">
				</div>
			</div>
			<div class="form-group">
				<label class="col-sm-3 col-md-3 col-lg-2 control-label">New password</label>
				<div class="col-sm-9 col-md-9 col-lg-10">
					<input type="password" name="newpassword" id="newpassword" value="" size="30" class="form-control input-sm">
				</div>
			</div>
			<div class="form-group">
				<label class="col-sm-3 col-md-3 col-lg-2 control-label">Confirm new password</label>
				<div class="col-sm-9 col-md-9 col-lg-10">
					<input type="password" name="cnewpassword" id="cnewpassword" value="" size="30" class="form-control input-sm">
				</div>
			</div>
				<div class="form-group" style = "color: red">
					<?php echo $error; ?>
				</div>
				<div class="form-actions">
				<input type="submit" name="submit" id="submit" value="Change Password" class="btn btn-primary"></div></div>
				</form>  
				</div>
      </div>
   </div>
</div>
  
</div>
</div>
<?php
	include("bottom.php");
?>
